[code]
HitmanPro 3.7.20.286
www.hitmanpro.com

   Computer name . . . . : HARING-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : Haring-PC\Haring
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Paid (347 days left)

   Scan date . . . . . . : 2017-09-10 09:32:18
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 47s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 0
   Traces . . . . . . . : 2

   Objects scanned . . . : 1.377.540
   Files scanned . . . . : 33.635
   Remnants scanned . . : 251.801 files / 1.092.104 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFFA8007883060
      DriverName . . . . : \Driver\iaStorA
      DriverPath . . . . : \SystemRoot\system32\DRIVERS\iaStorA.sys
      StartIo . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI . . . : FFFFF88004B9B2F0 \??\C:\Windows\system32\drivers\hmpalert.sys+135920

   Solution
      DriverObject . . . : FFFFFA8007883060
      DriverName . . . . : \Driver\iaStorA
      DriverPath . . . . : \SystemRoot\system32\DRIVERS\iaStorA.sys
      StartIo . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI . . . : FFFFF880015756C0 \SystemRoot\system32\DRIVERS\storport.sys+5824

Suspicious files ____________________________________________________________

   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BB38535-5376-4A5D-B7A9-871F2A796FFB}\MpKsldcc254ef.sys
      Size . . . . . . . : 44.928 bytes
      Age . . . . . . . : 0.9 days (2017-09-09 11:06:56)
      Entropy . . . . . : 6.5
      SHA-256 . . . . . : AADE8C93BFE0830AE43AD649F62D7D7E25FC14107B172815EF9F4069C19ADFCC
      Product . . . . . : Microsoft Malware Protection
      Publisher . . . . : Microsoft Corporation
      Description . . . : KSLDriver
      Version . . . . . : 1.2.1003.0
      Copyright . . . . : © Microsoft Corporation. All rights reserved.
      Service . . . . . : MpKsldcc254ef
      LanguageID . . . . : 1033
      Fuzzy . . . . . . : 47.0
         The file is hidden from Windows API. This is typical for malware. The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Starts automatically as a service during system bootup.
         Program starts automatically without user intervention.
         Time indicates that the file appeared recently on this computer.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\MpKsldcc254ef\
      Forensic Cluster
         -13.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BB38535-5376-4A5D-B7A9-871F2A796FFB}\mpasdlta.vdm
         -13.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BB38535-5376-4A5D-B7A9-871F2A796FFB}\mpavdlta.vdm
         -12.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BB38535-5376-4A5D-B7A9-871F2A796FFB}\
         -12.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BB38535-5376-4A5D-B7A9-871F2A796FFB}\mpengine.dll
         -8.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.20
         -8.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.55
         -8.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.67
         -7.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.79
         -5.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.7C
         -5.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.7E
         -5.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.80
         -4.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.87
         -4.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.A0
         -4.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.83
         -4.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.CE
         -4.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-A6B7DDAFEB6DE9169B369FC6C48D143A29E88F09.bin.5B
         -4.2s C:\Windows\Prefetch\AM_DELTA_PATCH_1.251.663.0.EX-63244148.pf
         0.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BB38535-5376-4A5D-B7A9-871F2A796FFB}\MpKsldcc254ef.sys
[/code]